Information Governance and Quality in Optometry. Peter Hampson and Richard Knight LOCSU

Transcription

1 Information Governance and Quality in Optometry Peter Hampson and Richard Knight LOCSU

2 Introduction NHS Contracts IG compliance and Quality in Optometry Information Governance

3 NHS Contracts NHS Contracts: GOS NHS Standard Contract Both have IG requirements

4 GOS Schedule 1, Part 4 of GOS contract - Records, Information, Notifications, Name and Rights of Entry IG sections on: Patient records Confidentiality of personal data Patient information Provision of and access to information Use of disqualified name Notifications Entry and inspection

5 NHS Standard Contract Far more IG in NHS Standard Contract Far more everything in Standard Contract Standard Contract covers all NHS services outside of primary care i.e. GOS

6 Standard Contract NHS STANDARD CONTRACT Mandated by NHS England for use by commissioners for all contracts for healthcare services other than primary care.

7 Standard Contract For all types of providers not just community services (CS): Accident and Emergency (A+E) Acute Services (A) Ambulance Services (AM) Cancer Services (CR) Continuing Healthcare Services (CHC) Diagnostic, Screening and/or Pathology Services (D) End of Life Care Services (ELC) Mental Health and Learning Disability Services (MH) Mental Health and Learning Disability Secure Services (MHSS) NHS 111 Services (111) Patient Transport Services (PT) Radiotherapy Services (R) Urgent Care/Walk-in Centre Services/Minor Injuries Unit (U)

8 Standard Contract Standard Contract - between CCG and contractor whether LOC Company or practice (Note subcontractor does not contract directly with CCG so does not sign Standard Contract) However, Standard Contract clauses are for providers but subcontractors also have to meet LOC company compliance requirements

9 Standard Contract Changes every year Reflects new legislation/policies/initiatives Incorporates: national requirements local detail

10 Standard Contract Standard Contract sections IG in all General Conditions national, unalterable Service Conditions national, some can be omitted under tailoring but applicable clauses unalterable - Particulars local, adaptable

11 General Conditions General Conditions: Fixed standard conditions which apply to all services and all types of provider, including mechanisms for contract management, generic legal requirements and defined terms. These are not open to variation This section contains the fixed standard conditions which apply to all services and all types of provider, including mechanisms for contract management, generic legal requirements and defined terms. Many IG requirements in GCs

12 General Conditions Information Governance Big GC requirement: IG Information Governance provides a framework to bring together all the legal rules, guidance and best practice that apply to the handling of information, allowing: implementation of central advice and guidance compliance with the law year on year improvement plans. At its heart, Information Governance is about setting a high standard for the handling of information and giving organisations the tools to achieve that standard. The ultimate aim is to demonstrate that an organisation can be trusted to maintain the confidentiality and security of personal information, by helping individuals to practice good information governance and to be consistent in the way they handle personal and corporate information (NHS Digital)

13 General Conditions Information Governance Key requirement to complete the Information Governance Toolkit (IGT) IGT: online system for providers to demonstrate compliance and assuage commissioners

14 General Conditions Information Governance (IGT) Different IGTs for different types of providers Optical providers complete Eye Care toolkithas three categories: Information Governance Management Confidentiality and Data Protection Assurance Information Security Assurance

15 IGT requirements Specifics (as per IGT): Named information governance lead Information Governance Policy Description of patient data held How patient data is protected How patient data is used and processed/transferred Confidentiality clause within the contracts of all staff Staff training on information governance Evidence of compliance with DPA where data is processed outside the UK

16 IGT requirements Procedures for seeking consent to use patient information Publicly available information leaflet Confidentiality Code of Conduct Information Asset Register Risk assessment (including working towards implementing any high priority security improvements identified) Mobile computing guidelines including encryption of mobile devices storing personal data (if applicable) Business continuity plan Incident management and reporting process Access control and password management procedures Data handling procedures

17 Service conditions Service Conditions: generic, system -wide clauses which relate to the delivery of services. Some of these will be applicable only to particular services or types of provider. Service conditions may be varied only by selection of applicability criteria, determining which clauses do and do not apply to the particular contract. The content of any applicable Service Condition may not be varied. Service Conditions also have IG requirements

18 Service conditions IG Accessible Information Standard Conform to NHS information/data standards and implement commissioner datasets as required Also adhere to commissioner requirements as stated in particulars

19 QiO there to help QiO - online toolkit for governance compliance in community optical practice GOS and NHS Standard Contracts Audits, staff sections.

20 QiO GOS checklist format: Compliance distilled into sections Simple tick box answers Policies/templates available in help section Contractors save and submit to NHS England every three years

21 QiO NHS checklist format: Similar to GOS in terms of checklist format But more complex (as per Standard Contract) Three checklist choices depending on contracting scenario: LOC Company Subcontractor to LOC Company Practice contracting direct with CCGs

22 QiO For LOC Company and practice contracting direct checklists for: General conditions Service conditions These include questions on the IG requirements.

23 QiO Subcontractors is currently different: Also General and Service Conditions but also complete IG checklist (based on IGT) However, now subcontractors also have to complete IGT as per Standard Contract QiO is being updated to incorporate.

24 QiO update Major update of QiO underway Move to linear format Incorporation of policy builder Possible export functionality tbc Updated to current Standard Contract

25 What is Information Governance? Information Governance is the term used to describe how to properly handle and process information. It applies to both people (patients, users and staff) and also data about corporations (financial and accounting information). IG is effectively a subset of corporate governance. It is designed to manage what information about a company is retained, where it is held and how long it is kept for.

26 Where does the legislation come from? Derived from various sources of existing legislation and guidance. Data Protection Act 1998 Human Rights Act 1998 Caldicott Report Health and Social Care Act 2012 Common law duty of confidentiality Freedom on Information Act 2000

27 Information Commissioner (ICO) The Information Commissioner s Office (ICO) is an independent authority that was set up to uphold information rights in the public interest. The maximum possible fine from the ICO for data protection breaches is 500,000 The likelihood of a fine is determined by the steps taken to prevent data loss. The more robust the procedures to prevent data loss the less likely a fine is.

28 Information Commissioner (ICO)

29 Information Commissioner (ICO) Chelsea and Westminster Hospital NHS Foundation Trust has been fined 180,000 after revealing the addresses of more than 700 users of an HIV service. Blackpool Teaching Hospitals NHS Foundation Trust inadvertently published the private details of 6,574 members of staff, including their National Insurance number, date of birth, religious belief and sexual orientation in March The Trust has been fined 185,000 by the ICO.

30 NHS mail One of the most asked questions at the moment. Do I need to do the IGT to get NHS mail? Followed by My friend/the local CCG/some other person has said I don t need to bother and it isn t on the form.

31 NHS mail YES you need to do IGT

32 NHS mail YES you need to do IGT

33 How are we going to make it easier?

34 Requirement 209

35 Safe Harbour EC privacy law forbids the movement of data outside of the EU unless it is sent to somewhere with adequate privacy protection. Safe Harbour was an agreement between the EC and US, designed to protect EC citizens data. It has been declared invalid. Meaning each company needs an agreement to transfer data from the US to the EU. Privacy Shield has been implemented to replace it, but it might not be good enough, and is still under review. BREXIT.

36 Safe Harbour Google Facebook Dropbox Microsoft When/if we leave the EU we may need another agreement as Privacy Shield won t apply to us.

37 How are we going to make it easier? Updated QiO Simple, linear questions Policy builder Single data upload Online training course delivered via the WOPEC platform. Coming soon

38 A sneak peek

39 A sneak peek

40 Download App: Wifi: BTOpenzone Username: Password: noc2016 Twitter: #NOC2016 Questions?